author | Damien Miller <djm@mindrot.org> | 2006-03-15 12:06:23 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-03-15 12:06:23 +1100 |
commit | 8275fade44b56aed722ea91bc4586f48babece80 (patch) | |
tree | 008fc19e661c19854303ee25c8e5d12347546893 /ssh-add.c | |
parent | 306d118f72670f0da447f28b7eec576dcb4a6e38 (diff) |
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138, ok djm@
Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 17 |
1 files changed, 13 insertions, 4 deletions
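--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.76 2006/03/13 10:26:52 dtucker Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -127,16 +127,25 @@ delete_all(AuthenticationConnection *ac)
 static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
-struct stat st;
 Key *private;
 char *comment = NULL;
 char msg[1024];
-int ret = -1;
+int fd, perms_ok, ret = -1;
 
-if (stat(filename, &st) < 0) {
+if ((fd = open(filename, 0)) < 0) {
 perror(filename);
 return -1;
 }
+
+/*
+* Since we'll try to load a keyfile multiple times, permission errors
+* will occur multiple times, so check perms first and bail if wrong.
+*/
+perms_ok = key_perm_ok(fd, filename);
+close(fd);
+if (!perms_ok)
+return -1;
+
 /* At first, try empty passphrase */
 private = key_load_private(filename, "", &comment);
 if (comment == NULL)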
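Review bot: The new permission check in add_file runs on a descriptor that is closed before key_load_private() reopens the file by name, so the check and the load can see different files if the path is replaced in between. The commit message ("it will fail anyway") suggests the load path repeats the check on its own descriptor, which would make this one advisory. If authfile.c confirms that, the block comment should say so, e.g. `/* Advisory only: key_load_private() re-checks permissions on its own descriptor. */`, so nobody later treats this pre-check as the enforcement point. As a smaller style point, `open(filename, 0)` would read better as `open(filename, O_RDONLY)`, assuming <fcntl.h> is already pulled in through includes.h. add_file's body continues outside the hunk.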